Replace XTEA with BLAKE2b-based MAC

[govpn.git] / doc / transport.texi

diff --git a/doc/transport.texi b/doc/transport.texi
index 4b8413b23e470b0cb58543ecaa4c92c89d572731..cdb5950524820360b2d15fa7fb749e473ab154b3 100644 (file)
--- a/doc/transport.texi
+++ b/doc/transport.texi
@@ -21,23 +21,18 @@ TAG || ENCRYPTED || NONCE --> PACKET
                     |       |
                     |       +--< DATA || PAD [|| ZEROS]
                     |
-                    +--< PRP(PRP_KEY, SERIAL)
+                    +--< MAC(MAC_KEY, SERIAL)
 @end verbatim
 
 @code{SERIAL} is message's serial number. Odds are reserved for
 client (to server) messages, evens for server (to client) messages.
 
-@code{PRP} is XTEA block cipher algorithm used here as PRP (pseudo
-random permutation function) to obfuscate @code{SERIAL}. Plaintext
-@code{SERIAL} state is kept in peers internal state, but encrypted
-before transmission.
-
-XTEA's encryption key @code{PRP_KEY} is the first 128-bit of Salsa20's
-output with established common key and zero nonce (message nonces start
-from 1).
+@code{MAC} is BLAKE2b-MAC used to obfuscate @code{SERIAL}. MAC's key
+@code{MAC_KEY} is the first 256-bit of Salsa20's output with established
+common key and zero nonce (message nonces start from 1).
 
 @verbatim
-PRP_KEY = 128bit(ENCRYPT(KEY, 0))
+MAC_KEY = 256bit(ENCRYPT(KEY, 0))
 @end verbatim
 
 @code{ENCRYPT} is Salsa20 stream cipher, with established session
@@ -63,7 +58,7 @@ In @ref{Encless, encryptionless mode} this scheme is slightly different:
 @verbatim
  PACKET = ENCODED || NONCE
 ENCODED = ENCLESS(DATA || PAD || ZEROS)
-  NONCE = PRP(PRP_KEY, SERIAL)
+  NONCE = MAC(MAC_KEY, SERIAL)
 @end verbatim
 
 @code{ENCLESS} is AONT and chaffing function. There is no need in